Windows 10 News and info | Forum
August 11, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: You Can Now Check If Your ISP Uses Basic Security Measures  (Read 79 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31662


I Do Windows


WWW Email
« on: April 18, 2020, 11:07:16 PM »
ReplyReply

FOR MORE THAN an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn't a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom. For Cloudflare CEO Matthew Prince, it was the last straw.

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. Companies like Cloudflare sit on the front lines of the BGP blowback. And while the company can't fix the problem directly, it can call out those that are slow to contribute defenses.

On Friday, the company launched Is BGP Safe Yet​, a site that makes it easier for anyone to check whether their internet service provider has added the security protections and filters that can make BGP more stable. Those improvements are most effective with wide adoption from ISPs, content delivery networks like Cloudflare, and other cloud providers. Cloudflare estimates that so far about half of the internet is more protected thanks to heavy hitters like AT&T, the Swedish telecom Telia, and the Japanese telecom NTT adopting BGP improvements. And while Cloudflare says it doesn't seem like the Rostelecom incident was intentional or malicious, Russian telecoms do have a history of suspicious BGP meddling, and similar problems will keep cropping up until the whole industry is on board.

"With that last big route leak from a few weeks ago out of Russia, it was a point at which our engineering team said enough is enough, itís time for us to start naming and shaming the companies who arenít doing this right," says Cloudflare CEO Matthew Prince. "Anything that goes wrong anywhere on the internet, we get blamed for it, which is right! Our customers pay us to make sure their internet connections are fast and secure and reliable. So BGP is one of these really frustrating areas that we canít solve ourselves."

BGP is like a GPS mapping service for the internet, enabling ISPs to automatically choose what route data should take over the internet's vast landscape of networks. But really BGP is like using a GPS mapping service run by your opinionated relatives. Your cousin's stepfather says "Oh, take this route. It'll be fast and safe and you get to pass the house with the great Halloween decorations," and you just have to trust him. If he doesn't know what he's talking aboutólike an ISP advertising a bad BGP routeóyou could end up stuck in endless mall traffic.

The cryptographic tools, route filters, and best practices Cloudflare and other organizations have been promoting are like a sixth sense for detecting when you're getting bad advice. They run actual checks on the BGP routes other ISPs are "announcing," or offering, to make sure they're legitimate and that no one is advertising a problematic route.

Is BGP Safe Yet will test your ISP by offering a legitimate route and an invalid one to load two pages. If your ISP catches the invalid route and only loads the page on the real route, it passes the test. But if it accepts both routes as valid, your ISP will fail, meaning that it hasn't yet implemented the BGP protections to check for bad routes and filter them.

Even with a large number of services still not offering BGP protections, you can still reap benefits from those that do. Prince explains that during a disruption like the Russian telecom incident, ISPs using BGP best practices would identify the issue, often called a "route leak," and reject it in favor of a legitimate route. So if your home Wi-Fi comes from Comcast, which hasn't yet implemented the improvements, and you get your mobile data from AT&T, which has, you might have issues loading certain websites and services on your laptop during a BGP incident but could access them fine from your smartphone.


click to test your ISP

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 15, 2020, 01:10:55 AM